Shopping Cat?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Shopping Cat?

Post by Mr Tech »

Hey there,

What is the best way to record information in a customers shopping cart?

Cookies and MySQL Database would eb the best do you think?

Thanks for yuor input.
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

depends on the functionality desired.

but yeah most carts use cookies along w/ a db, or just sessions/cookies
User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Post by Mr Tech »

Well basically all I want it to do is allow customers to add and delete items from the shopping cart and when they are happy, they click order.

What is more secure and reliable do you think?

Cookies and MySQL DB
Sessions and Cookies
Thanks
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

again it depends on what you want to do.
If a user close's the brower do you want to keep the cart alive?
Allow them to return to the cart later if they don't purchase right away?

I have seen systems work both ways of have a combination of sessions/cookies or db's

If you don't care about keeping the cart alive then sessions/cookies will work fine as long as you record the order in a db once they want to purchase.
If you want to keep the cart between sessions then recording everything in a db as they add and delete items or update quantities is the best way to go IMHO.

Never store CC detials as that just posses all sorts of security issues that very few people want to deal with and I personally would never use a site if I knew that they where storing my CC detials.
User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Post by Mr Tech »

Thanks Scott,

What does IMHO mean?

Thanks

Ben
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

What does IMHO mean?
In My Honest Opinion..


I believe..
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

imho: in my humble opinion
imnsho : in my not so humble opinion

OR google "internet jargon imho" (2nd hit)
http://www.fone.net/support/genhelp/jargon.html
User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Post by Mr Tech »

LOL thanks guys
User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Post by Mr Tech »

Oh and while I think of it:

If the shopping cart has lets say for example 100 items in it, how would I confirm that to the MySQL DB that they have paid?

After paying, should I just redirect them page to one of my pages, and use the cookie to identify the customer, and to say to the database that they have paid?

What is a secure way to do this because there can be 1 to 10,000 products in the shopping cart?
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

personally i wouldnt redirect and then tell the db that they have paid. i would do it in the same script that finds out firsthand if they paid or not.

reason is, if not done carefully, you might leave a hole open where people could fake having paid, or paid, but it doesnt get recorded, and both are very bad.

but you could redirect them to a thank you page, where a cookie identifies them, and then php finds thier record based on that cookie and then says thank you etc...i just wouldnt have the thank you page be the one to actually modify the db.

as far as how to do things, id recomend you look at the source of some working shopping cart scripts.
a long time ago i took a look at this one, i found it pretty helpfull
http://mymarket.sourceforge.net/
User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Post by Mr Tech »

OK i'll have a look... If anyone else has any sugegstions please let me know :)
User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Post by Mr Tech »

That script you gave stored the CC in the DB... I'm not doing that so it doesn't really help...

Would this be secure:

Customer clicks order and confirms everything.
The browser sends them to the remote payment processor for them to fill out the form.
The processor sends them to the page that says they have paid in the MySQL DB (eg: mydomain.com/paid.php)
And then paid.php uses header("location: thanks.php") to send them to the thank you page...

What do you think?
User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Post by Mr Tech »

I just found what I'm looking for.

My payment processor has an XML payment gateway... So the customer doesn't even leave the site to pay, it uses XML to send the data to my payment processor allowing me to add paid the the MySQL DB. All i need is an SSL certificate.

Thanks for your help any guys.

If anyone does know what to do about recording payments when the customers have to go to the payment processors website to enter their CC details, I'm sure it would help others.
Post Reply